UKG expects weeks of downtime after ransomware attack
Catalin Cimpanu December 13, 2021

UKG expects weeks of downtime after ransomware attack

UKG expects weeks of downtime after ransomware attack

UKG (formerly Kronos), a company that provides payroll and human resource management software, said today that it might need up to several weeks to restore cloud systems impacted by a ransomware attack that hit its systems over the weekend.

According to an email sent to customers today, the incident impacted Kronos Private Cloud, a cloud-hosted version of the company’s classic self-hosted payroll and HRM software.

Not all Private Cloud servers were hit, as the company had segmented its cloud infrastructure. Impacted services currently offline include:

“At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud,” UKG Executive Vice President Bob Hughes told customers in emails sent out today.

Self-hosted solutions are also not impacted, the company said in a forum post, as these resided inside customer environments and were not connected to its cloud infrastructure.

“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions,” Hughes told customers.

A UKG customer, who notified The Record about the incident earlier today, said they haven’t been able to access any worker schedules and payroll information, which is currently impacting their ability to pay salaries just ahead of the winter holidays. The customer said they still plan to pay out bonuses, which will somewhat mitigate any salary delays.

“At least they didn’t lie about expecting weeks to recover,” the impacted customer told The Record.

“We are a small operation, and when we got hit by ransomware, it took three weeks to restore everything,” they added.

A UKG spokesperson did not return a request for comment seeking additional details about the attack and its potential cause.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.